<?
include("./includes/mail_config.php");
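// Dispatcher for the admin login page: `act` (query string) selects the
// action, and $tpl names the view that ./kam/login.ctp renders at the end
// of this file. $tpl is initialised up front so it is defined on every
// branch -- the log_out / sm branches only redirect via page_transfer(),
// and an already-authenticated session falls through Login() without one.
$tpl = 'login';
// Only accept a plain string: `?act[]=x` would otherwise reach the switch
// as an array (and, if cast, raise an "Array to string" notice).
$act = (isset($_GET["act"]) && is_string($_GET["act"])) ? $_GET["act"] : '';

switch($act){
	case "log_out":
		Logout();
		break;

	case "sm":
		Login();
		break;

	case "forgot":
		$tpl = 'forgot';
		break;

	case 'forgotsm':
		ForgotPass();
		$tpl = 'login';
		break;

	case 'resetpass':
		ResetPass();
		$tpl = 'login';
		break;

	default:
		$tpl = "login";
		break;
}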

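function Logout(){
	// Ends the admin session and redirects to admin.php.
	// Clears every key Login() sets -- the original left `group_user`
	// behind, so the role survived a logout.
	unset($_SESSION["store_login"], $_SESSION["admin_username"], $_SESSION['group_user']);
	// Retire the session id as well, so the old id handed to the browser
	// stops referring to any server-side state. Guarded because
	// session_regenerate_id() warns when no session is active.
	if(session_id() !== ''){
		session_regenerate_id(true);
	}
	$msg = "Log Out";
	$page = "admin.php";
	page_transfer($msg,$page);
}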

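function Login(){
	// Handles the login form (act=sm). Reads username / password (and,
	// optionally, a captcha answer) from $_POST, looks the user up in the
	// `admin` table through the global $db and, on success, marks the
	// session as logged in. Every failure path redirects through
	// page_transfer(); each is followed by `return` so nothing below can
	// run should page_transfer() ever return instead of exiting.
	global $db;

	if(!isset($_SESSION['counter_login'])){
		$_SESSION['counter_login'] = 0;
	}

	// NOTE(review): whether the captcha is verified at all is decided by the
	// client-supplied field `checkcaptcha`; a request that omits it skips the
	// check entirely. The decision should come from server-side state (for
	// example the failed-attempt counter above, which is incremented but
	// never enforced) -- confirm the template contract before changing it.
	$checkcaptcha = isset($_POST['checkcaptcha']) && $_POST['checkcaptcha'] === 'true';
	if($checkcaptcha)
	{
		$submitted = isset($_POST['security_code']) ? (string)$_POST['security_code'] : '';
		$expected  = isset($_SESSION['security_code']) ? (string)$_SESSION['security_code'] : '';
		// Strict comparison: `==` between two numeric-looking strings compares
		// them as numbers, so codes that differ can still pass. An empty code
		// is rejected just as before (empty()).
		if(empty($submitted) || $submitted !== $expected)
		{
			$msg = "Security ss code wrong";
			$page = "admin.php?do=login&error=1";
			page_transfer($msg,$page);
			return;
		}
		// NOTE(review): the code stays in the session after a successful
		// check; consuming it here (unset) would stop replay of the same
		// answer -- confirm the login page regenerates it before showing the form.
	}

	$username = isset($_POST["username"]) ? $_POST["username"] : '';
	$username = CleanSQLInjection($username);
	$password = isset($_POST["password"]) ? $_POST["password"] : '';
	$password = CleanSQLInjection($password);
	//-------------------------------------------------
	// NOTE(review): the query is built by string interpolation and relies on
	// CleanSQLInjection() (defined elsewhere) for escaping; a parameterised
	// query would be the robust fix, but $db's API is not visible here.
	// NOTE(review): the password goes through CleanSQLInjection() before it
	// is hashed, so whatever that function changes becomes part of the hash
	// -- confirm the same transformation is applied where passwords are set.
	$sql_select = "select * from admin  where username='$username' ";
	$result = $db->getRow($sql_select);
	if(!$result)
	{
		$_SESSION['counter_login']++;
		$msg = "User not exist";
		$page = "admin.php?do=login&error=1";
		page_transfer($msg,$page);
		return;
	}

	// Strict comparison: with `!=`, two hex digests that both look numeric
	// ("0e" followed by digits) compare equal. Unsalted md5 is itself weak;
	// moving to password_hash()/password_verify() needs a storage migration.
	$stored_hash = isset($result["password"]) ? (string)$result["password"] : '';
	if(md5($password) !== $stored_hash)
	{
		$_SESSION['counter_login']++;
		$msg = "Password invalid";
		$page = "admin.php?do=login&error=1";
		page_transfer($msg,$page);
		return;
	}
	// NOTE(review): "User not exist" vs "Password invalid" lets a caller tell
	// valid usernames apart; one shared message for both failures is safer.

	if(!isset($_SESSION["store_login"]))
	{
		// Fresh session id on privilege change, so an id the browser was
		// given before login cannot be reused (session fixation). Guarded
		// because session_regenerate_id() warns when no session is active.
		if(session_id() !== ''){
			session_regenerate_id(true);
		}
		// Successful login resets the failed-attempt counter.
		$_SESSION['counter_login'] = 0;
		$_SESSION["store_login"]    = "store_logined";
		$_SESSION["admin_username"] = $username;
		$_SESSION['group_user'] = $result['group'];
		$msg = "Login successfully!";
		//$page = "admin.php";
		$page = "admin.php?do=categories&act=list&cid=121&root=1";
		page_transfer($msg,$page);
		return;
	}
	// NOTE(review): an already-logged-in session falls through here with no
	// redirect; the caller's $tpl then decides what is rendered.
}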
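function ForgotPass()
{
	// Handles act=forgotsm: looks the submitted e-mail up in `admin` and, if
	// an account exists, mails it a reset link and redirects to admin.php.
	// For an unknown address only $msg is set, for the login template.
	global $db,$act, $msg, $mail, $FullUrl;
	$email = SafeFormValue('email');
	$page = 'admin.php';

	if(!empty($email))
	{
		// NOTE(review): this message differs from the success path, so the
		// form reveals which addresses belong to an admin account.
		$msg="Email không tồn tại!";
		$sql = "select email, password from admin where email='" . $email . "'";
		$r = $db->getRow($sql);
		if($r){
			$body = file_get_contents('EmailTemplate/forgot_password.html');
			if($body === false){
				// Template missing/unreadable: still deliver the link rather
				// than an empty message (str_replace on false yields '').
				$body = '[LINK]';
			}

			// NOTE(review): the reset "token" is the stored password hash.
			// It never expires, stays valid until the password changes, and
			// travels in a GET URL (server/proxy logs, Referer headers). The
			// durable fix is a random, single-use, expiring token stored
			// server-side; that needs a schema change plus a matching
			// ResetPass(), so it is not done here.
			// The address is URL-encoded so characters such as '+' survive
			// the round trip into $_GET.
			$link = 'http://www.' . GetFullDomain() . $FullUrl . "/admin.php?do=login&act=resetpass&email=" . rawurlencode($r['email']) . "&password=" . $r['password'];

			$body = str_replace('[LINK]', $link, $body);
			$mail->Subject  = "Forgot password admin";
			$mail->MsgHTML($body);
			// Deliver to the address stored on the record, not the raw POST
			// value, so the mail can only go where the account points.
			$mail->AddAddress( $r['email'], "Ho Tro");
			// Do not report success when the mailer says it failed.
			if($mail->Send() === false){
				$msg = 'Gửi email thất bại!';
			} else {
				$msg='Email đã gửi đến bạn. Mời check mail để reset password!';
			}

			$_SESSION['mess'] = $msg;
			page_transfer2($page);
		}
	}
}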
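function ResetPass()
{
	// Handles act=resetpass from the e-mailed link (?email=...&password=<hash>).
	// When the hash in the URL matches the stored one, a new random password
	// is generated, stored as md5, and reported through $msg / $new_pass.
	global $db,$act, $msg, $new_pass;
	$email = SafeQueryString('email');
	$page = 'admin.php';
	if(!empty($email))
	{
		$msg="Tài khoản này không tồn tại";
		$sql = "select * from admin where email='" . $email . "'";
		$r = $db->getRow($sql);
		if($r){
			$token = isset($_GET['password']) ? (string)$_GET['password'] : '';
			$stored_hash = isset($r['password']) ? (string)$r['password'] : '';
			// Strict comparison: `==` between two numeric-looking strings
			// compares them as numbers, so unequal values could pass. An
			// empty token must never match (the original accepted it when
			// the stored hash was also empty, and read $_GET without isset).
			if($token !== '' && $token === $stored_hash){
				// NOTE(review): GenRandomString() is defined elsewhere --
				// confirm it draws from a CSPRNG, since this is the new credential.
				$new_pass = GenRandomString();
				$arr = array();
				$arr['password'] = md5($new_pass);
				// WHERE clause uses the sanitised $email (the same value the
				// lookup above used) instead of the raw $_GET value.
				vaUpdate('admin', $arr, "email='" . $email . "'");

				// The username is rendered inside HTML, so escape it.
				$safe_name = htmlspecialchars((string)$r['username'], ENT_QUOTES, 'UTF-8');
				// NOTE(review): the new password is shown in the page body;
				// forcing a change on first login would limit its exposure.
				$msg = "Xin chào <strong>" . $safe_name . "</strong> <br />Password mới của bạn là: <strong>$new_pass</strong> <br /> Bạn hãy đổi password ngay sau khi đăng nhập";
			}
		}
	}
}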

// Render the login view. The template presumably reads $tpl (set by the
// dispatcher above) and $msg / $new_pass (set by ForgotPass / ResetPass) --
// confirm against ./kam/login.ctp, which is not visible here.
include('./kam/login.ctp');
?>
